X
Business
Home Business Companies Google

Google closes hole in Single Sign-On service

Google has fixed an implementation flaw in the single sign-on service that powers Google Apps follow a warning from researchers that remote attackers can exploit a hole to access Google accounts.The vulnerability, described in this white paper (.
Written by Ryan Naraine, Contributor
Google has fixed an implementation flaw in the single sign-on service that powers Google Apps follow a warning from researchers that remote attackers can exploit a hole to access Google accounts.

The vulnerability, described in this white paper (.pdf), affects the SAML Single Sign-On Service for Google Apps.

This US-CERT notice describes the issue:

A malicious service provider might have been able to access a user's Google Account or other services offered by different identity providers.

Google has addressed this issue by changing the behavior of their SSO implemenation. Administrators and developers were required to update their identity provider to provide a valid recipient field in their assertions.

To exploit this vulnerability, an attacker would have to convince the user to login to their site.* Hat tip: Heise Security.

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

pxl-20240424-181716738

Facebook's Meta AI is lying when it says you can disable it - but here's what you can do

Placeholder product image alt text

The best AI image generators to try right now